alchemist vulnerablity scanner

1. <?php
2. set_time_limit(0);
3. ?>
4. <html>
5. <head>
6. <title>Vulnerability Scanner</title>
7.  
8.  
9. <style type="text/css">
10.  
11. body
12. {
13. color: #ffffff;
14. text-shadow: 2px 2px #000000;
15. background-color: #282828;
16. font-family: Arial, Helvetica, sans-serif;
17. }
18.  
19. pre
20. {
21. background-color: #353535;
22. border: solid 1px #505050;
23. }
24.  
25. input
26. {
27. font-family: Arial, Helvetica, sans-serif;
28. }
29.  
30. .Button
31. {
32. padding: 5px 10px;
33. background: #303030;
34. border: solid #101010 1px;
35. color: #fff;
36. cursor: pointer;
37. font-weight: bold;
38. border-radius: 5px;
39. -moz-border-radius: 5px;
40. -webkit-border-radius: 5px;
41. text-shadow: 1px 1px #000;
42. }
43.  
44. .Input
45. {
46. border: solid #101010 1px;
47. color: white;
48. font-weight: bold;
49. padding: 3px;
50. background-color: #252525;
51. }
52. </style>
53. </head>
54. <body>
55. <div align="center">
56. <pre>
57. _____ _ _ _ _ _ _
58. |_ _| | |__ ___ / \ | | ___ | |__ ___ _ __ ___ (_) ___ | |_
59. | | | |_ \ / _ \ / _ \ | | / __| | |_ \ / _ \ | |_ ` _ \ | | / __| | __|
60. | | | | | | | __/ / ___ \ | | | (__ | | | | | __/ | | | | | | | | \__ \ | |_
61. |_| |_| |_| \___| /_/ \_\ |_| \___| |_| |_| \___| |_| |_| |_| |_| |___/ \__|
62. Vulnerability Scanner www.hackcommunity.com
63. </pre>
64.  
65. <form method="POST" action="">
66. Enter URL : <input type="text" name="url" value="<?php if(isset($_POST['url'])){echo(htmlentities($_POST['url']));}
67. else{echo('http://example.com/index.php?id=1');} ?>" size="75" class="Input" />
68. <input type="submit" name="submit" value="Scan" class="Button" />
69. </form>
70.  
71. <br />
72. <?php
73.  
74. //Coded by The Alchemist
75. //Styled and modified by ande
76. //Thanks again ande
77.  
78. class Vulnscanner
79. {
80. private $sql = array("'",'"');
81. private $rfi = array("http://www.facebook.com");
82. private $lfi = array("../etc/passwd",
83. "../../etc/passwd",
84. "../../../etc/passwd",
85. "../../../../etc/passwd",
86. "../../../../../etc/passwd",
87. "../../../../../../etc/passwd");
88. private $xss = array("'\"/><img src=\"http://owned.com\"/>");
89.  
90.  
91.  
92. private $sqlerrors = array("mysql_", "You have an error in your SQL syntax",
93. "SQL Error", "Database Error", "supplied argument is not a valid MySQL result resource");
94. private $rfierrors = array("Welcome to Facebook - Log In, Sign Up or Learn More", "failed to open stream: No such file or directory");
95. private $lfierrors = array("root:x:0:0:root:", "failed to open stream: No such file or directory");
96. private $xsserrors = array("<img src=\"http://owned.com\"/>");
97.  
98. public function isvalid($link)
99. {
100. if(filter_var($link,FILTER_VALIDATE_URL) && strstr($link,"="))
101. return true;
102. return false;
103. }
104.  
105. private function getcontents($link)
106. {
107. $agent= 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0';
108. $ch = curl_init();
109. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
110. curl_setopt($ch, CURLOPT_VERBOSE, true);
111. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
112. curl_setopt($ch, CURLOPT_USERAGENT, $agent);
113. curl_setopt($ch, CURLOPT_URL,$link);
114. $result=@curl_exec($ch);
115. return $result;
116. }
117.  
118. private function errorcheck($url,$addtourl,$errorar)
119. {
120. foreach($addtourl as $val)
121. {
122. $link = $url.$val;
123. $contents = $this->getcontents($link);
124. foreach($errorar as $err)
125. {
126. if(strstr($contents, $err))
127. return true;
128. }
129. }
130. return false;
131. }
132.  
133. public function issqlvulnerable($link)
134. {
135. $orig = $link;
136. if($this->errorcheck($orig,$this->sql,$this->sqlerrors))
137. echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to SQL Injection.<br />";
138. else
139. echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to SQL Injection.<br />";
140. }
141.  
142. public function isrfivulnerable($link)
143. {
144. $orig = $link;
145. $link = substr($link,0,strpos($link,'=')+1);
146. if($this->errorcheck($link,$this->rfi,$this->rfierrors))
147. echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to RFI.<br />";
148. else
149. echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to RFI.<br />";
150. }
151.  
152. public function islfivulnerable($link)
153. {
154. $orig = $link;
155. $link = substr($link,0,strpos($link,'=')+1);
156. if($this->errorcheck($link,$this->lfi,$this->lfierrors))
157. echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to LFI.<br />";
158. else
159. echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to LFI.<br />";
160. }
161.  
162. public function isxssvulnerable($link)
163. {
164. $orig = $link;
165. $link = substr($link,0,strpos($link,'=')+1);
166. if($this->errorcheck($link,$this->xss,$this->xsserrors))
167. echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to XSS.<br />";
168. else
169. echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to XSS.<br />";
170. }
171.  
172. } // END OF CLASS
173.  
174.  
175.  
176. if(isset($_POST['url']) && isset($_POST['submit']))
177. {
178. $obj = new Vulnscanner();
179. $link = $_POST['url'];
180. if($obj->isvalid($link))
181. {
182. $obj->islfivulnerable($link);
183. $obj->isxssvulnerable($link);
184. $obj->issqlvulnerable($link);
185. $obj->isrfivulnerable($link);
186. }
187. else
188. {
189. echo "<span style=\"color: red;\">". htmlentities($link) ." is not a valid link.</span>";
190. }
191. }
192. ?>
193. </body>
194. </html>